Skip to content

Setup AWS File Hosting

Full Delivery Flow:

User clicks "Download"
    
Flask checks ProductAccess
    
Flask generates presigned S3 URL
    
User is redirected to S3
    
ZIP downloads directly from AWS

Create a new product in your Admin area

Create new product in Admin area Screenshot

Create a Private S3 Bucket

  • Name: [your-product-name]

  • Region: your choice (match your app region)

  • Block all public access: ON

  • This bucket must be private only.

Upload Your Digital Product File

Inside your new bucket:

  • Click Upload

  • Upload your file (e.g. my_product_name.zip)

  • Important: Keep the filename the same as your File Key in database.

Create IAM User for Programmatic Access

You should never use root credentials for this.

Go to: IAM → Users → Create user

Settings: - Username: [your-product-name]-s3-user - Access type: Programmatic access

Attach Minimal S3 Permissions

Choose:

Attach policies directly

Then:

Create policy → JSON tab

Paste this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::[your-bucket-name]/*"
        }
    ]
}

Save the policy and attach it to the IAM user.

Generate Access Keys

After user creation:

Go to: IAM → Users → [your-product]-user → Security credentials

Create Access Key.

You will receive:

AWS_ACCESS_KEY_ID

AWS_SECRET_ACCESS_KEY

⚠️ Copy them immediately.

Add Environment Variables

In your .env file:

AWS_ACCESS_KEY_ID="your_access_key"
AWS_SECRET_ACCESS_KEY="your_secret_key"
AWS_REGION="eu-west-2"
AWS_S3_BUCKET="pythonstarter-downloads"

When deploying to Render:

Add these in: Render → Environment → Environment Variables